using System.Text; using BlueWest.Cryptography; using CodeLiturgy.Data.Application.Users; using CodeLiturgy.Data.Auth; using CodeLiturgy.Data.Auth.Context.Users; using CodeLiturgy.Domain; using BlueWest.WebApi.Context.Users; using CodeLiturgy.Views.Utils; using Microsoft.AspNetCore.Authentication.Cookies; using Microsoft.AspNetCore.Authentication.JwtBearer; using Microsoft.AspNetCore.Identity; using Microsoft.EntityFrameworkCore; using Microsoft.IdentityModel.Tokens; namespace CodeLiturgy.Views; public static class StartupExtensions { /* private static MySqlServerVersion GetMySqlServerVersion(int major, int minor, int build) => new(new Version(major, minor, build)); */ private static string GetDbConnectionString(this IConfiguration configurationRoot, string key) { var startupMode = configurationRoot["mode"]; if (!string.IsNullOrEmpty(startupMode)) { var config = configurationRoot.GetSection($"ConnectionString:{startupMode}")[key]; return config; } return String.Empty; } internal static IServiceCollection AddAuthServerServices(this IServiceCollection services, IConfiguration configuration, IWebHostEnvironment environment) { services.AddSession(options => { options.Cookie.Domain = SessionConstants.CookieDomain; options.Cookie.HttpOnly = true; options.IdleTimeout = TimeSpan.FromHours(8); }); services .AddScoped() .AddScoped() .AddScoped() .AddScoped() .AddScoped() .AddScoped(); // Database Context and Swagger // Register the ConfigurationBuilder instance of AuthSettings var authSettings = configuration.GetSection(nameof(AuthSettings)); services.Configure(authSettings); var signingKey = new SymmetricSecurityKey (Encoding.ASCII.GetBytes(authSettings[nameof(AuthSettings.SecretKey)])); // jwt wire up // Get options from app settings var jwtAppSettingOptions = configuration .GetSection(nameof(JwtIssuerOptions)); // Configure JwtIssuerOptions services.Configure(options => { options.Issuer = jwtAppSettingOptions[nameof(JwtIssuerOptions.Issuer)]; options.Audience = jwtAppSettingOptions[nameof(JwtIssuerOptions.Audience)]; options.SigningCredentials = new SigningCredentials (signingKey, SecurityAlgorithms.HmacSha256); }); var tokenValidationParameters = new TokenValidationParameters { ValidateIssuer = true, ValidIssuer = jwtAppSettingOptions[nameof(JwtIssuerOptions.Issuer)], ValidateAudience = true, ValidAudience = jwtAppSettingOptions[nameof(JwtIssuerOptions.Audience)], ValidateIssuerSigningKey = true, IssuerSigningKey = signingKey, RequireExpirationTime = false, ValidateLifetime = true, ClockSkew = TimeSpan.Zero }; services.AddAuthentication(options => { options.DefaultAuthenticateScheme = CookieAuthenticationDefaults.AuthenticationScheme; options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme; options.DefaultSignInScheme = CookieAuthenticationDefaults.AuthenticationScheme; options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme; options.DefaultScheme = JwtBearerDefaults.AuthenticationScheme; }) .AddCookie(options => { options.LoginPath = Routes.AuthLoginRoute; options.LogoutPath = Routes.AuthLogoutRoute; }) .AddJwtBearer(configureOptions => { configureOptions.ClaimsIssuer = jwtAppSettingOptions[nameof(JwtIssuerOptions.Issuer)]; configureOptions.TokenValidationParameters = tokenValidationParameters; configureOptions.SaveToken = true; configureOptions.Events = new JwtBearerEvents { OnAuthenticationFailed = context => { if (context.Exception.GetType() == typeof(SecurityTokenExpiredException)) { context.Response.Headers.Add("Token-Expired", "true"); } return Task.CompletedTask; }, }; }); // api user claim policy services.AddAuthorization(options => { options.AddPolicy(SessionConstants.ApiNamePolicy, policy => policy.RequireClaim(Constants.JwtClaimIdentifiers.Rol, Constants.JwtClaims.ApiAccess)); options.AddPolicy(SessionConstants.CookieNamePolicy, policy => { policy.RequireClaim(Constants.CookieClaims.CookieAccess); }); }); // add identity var identityBuilder = services.AddIdentityCore(o => { o.User.RequireUniqueEmail = true; // configure identity options o.Password.RequireDigit = false; o.Password.RequireLowercase = false; o.Password.RequireUppercase = false; o.Password.RequireNonAlphanumeric = false; o.Password.RequiredLength = 6; }) .AddUserManager() .AddUserStore(); identityBuilder = new IdentityBuilder(identityBuilder.UserType, typeof(ApplicationRole), identityBuilder.Services); identityBuilder .AddEntityFrameworkStores() .AddDefaultTokenProviders(); return services; } private static DbContextOptionsBuilder UsePsqlConfiguration(this DbContextOptionsBuilder builder, IConfiguration configuration) { var connString = configuration.GetDbConnectionString("db"); builder.UseNpgsql(connString); return builder; } /// /// Setup database Contexts /// /// /// /// /// public static IServiceCollection PreparePostgresqlDatabasePool(this IServiceCollection serviceCollection, IConfiguration configuration, IWebHostEnvironment environment) { return serviceCollection .AddDbContextPool(options => options.UsePsqlConfiguration(configuration)) .AddDbContextPool(options => options.UsePsqlConfiguration(configuration)); } }